Virginia has joined California as the second state to enact a comprehensive data privacy law. On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. The VCDPA does not go into effect until January 1, 2023, but the broad privacy mandate will have an immediate impact on compliance efforts for many Virginia businesses.
On April 12, 2020, Virginia Governor Ralph Northam signaled his approval of—but has not yet signed—legislation (House Bill 972) that would decriminalize simple possession of marijuana. The impact of decriminalization on Virginia’s criminal process has been the highlight of the legislation, but the bill would also include restrictions that impact the application process for employers operating in the Commonwealth.
On March 23, 2020, Virginia Governor Ralph Northam signed Executive Order No. 53 (EO-53), which restricts the operation of certain non-essential businesses including restaurants and recreational and entertainment businesses. The order goes into effect on March 24, 2020, at 11:59 p.m., and will remain in effect until at least 11:59 p.m. on April 23, 2020.
On July 25, 2019, New York governor Andrew Cuomo signed into law two bills aimed at increasing the obligations of entities handling computerized private data. The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) expands the requirements for notifying affected parties in the event of a data breach and sets forth a demanding list of security measures that must be implemented to “maintain reasonable safeguards” to protect private information.
On April 30, 2019, Maryland governor Larry Hogan approved a series of amendments to the Maryland Personal Information Protection Act. The amendments, effective October 1, 2019, impact data breach obligations imposed on businesses that “maintain” computerized data containing personal information.